Secure Tropos

The common approach to including security in a software system is to identify security requirements only after the system has been defined. Security enforcement mechanisms then have to be retrofitted into a pre-existing design, which creates serious design challenges and, in practice, produces systems afflicted with security vulnerabilities.

Moreover, security is traditionally approached as a purely technical issue that requires a technical solution. This treatment has produced a number of security mechanisms and protocols that are successfully used in modern software systems but have, on their own, failed to ensure an acceptable degree of security.

Security of software systems has been transformed from a one-dimensional technical issue into a two-dimensional issue with a technical dimension (challenges and problems associated with the available technology and the infrastructure of software systems) and a social dimension (issues and problems related to the correct elicitation and analysis of security requirements, and to the involvement of humans in securing software systems). To consider both dimensions effectively, the research literature argues that security must be considered from the early stages and throughout the software development lifecycle, and that a sound software engineering methodology is needed that supports the simultaneous analysis of both dimensions.

Secure Tropos is a security-aware software systems development methodology. It combines requirements engineering concepts (actor, goal, plan) with security engineering concepts (threat, security constraint, security mechanism) under a unified process, to support the analysis and development of secure and trustworthy software systems.

Project aims

The project aimed to develop a software engineering methodology that incorporates security concerns in a structured and coherent way at all the stages of software systems design and development.

Project findings and impact

The original version of the methodology (2003-2013) was based on an adapted version of the i* language and the development stages of the Tropos methodology. Version 2 of the methodology (2013 onwards) adds a number of enhancements: a new streamlined security-aware process, a new set of security-related concepts that enrich the security analysis, and a new set of techniques that enable automatic analysis of various security aspects of the system under development.

The methodology is supported by the SecTro tool, which supports the development of Secure Tropos models, provides a set of analysis techniques, and generates Word and PDF documents automatically.

SecTro is a comprehensive CASE tool that supports the second version of the Secure Tropos methodology. It is the second iteration of the dedicated tool, designed to remain stable even with very large models, to be easy to use, to provide automation and assistive features, and to build a solid base for future improvements.

All views of the same system are combined into a single model for clutter-free management

Views are automatically synchronised between each other to ease the design process

Automatic model integrity checks are performed during modelling activities
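As an added illustration of what the concepts listed above and an automatic integrity check look like in practice, the following Python module builds a small in-memory Secure Tropos-style model and validates the links between its elements. This is example code written for this page, not SecTro's own code or its model format; the relations (a security constraint restricts a goal and mitigates threats, a security mechanism satisfies a constraint, a threat attacks a goal, a plan achieves a goal) follow the methodology's usual usage, and the specific rules enforced by check_integrity, the element names and the clinic scenario are assumptions constructed for the example.

```python
# Added example (not SecTro code): a minimal Secure Tropos-style model with
# integrity checks over the links between its elements. The relation names
# and the checked rules are assumptions modelled on the methodology's usage.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Actor:
    name: str


@dataclass(frozen=True)
class Goal:
    name: str
    owner: str            # actor that holds the goal


@dataclass(frozen=True)
class Plan:
    name: str
    achieves: str         # goal the plan contributes to


@dataclass(frozen=True)
class Threat:
    name: str
    attacks: str          # goal the threat endangers


@dataclass(frozen=True)
class SecurityConstraint:
    name: str
    restricts: str        # goal the constraint restricts
    mitigates: tuple      # names of threats this constraint addresses


@dataclass(frozen=True)
class SecurityMechanism:
    name: str
    satisfies: str        # constraint the mechanism implements


@dataclass
class SecureTroposModel:
    actors: dict = field(default_factory=dict)
    goals: dict = field(default_factory=dict)
    plans: dict = field(default_factory=dict)
    threats: dict = field(default_factory=dict)
    constraints: dict = field(default_factory=dict)
    mechanisms: dict = field(default_factory=dict)

    def add(self, element):
        """Register an element under its type; returns self for chaining."""
        bucket = {Actor: self.actors, Goal: self.goals, Plan: self.plans,
                  Threat: self.threats, SecurityConstraint: self.constraints,
                  SecurityMechanism: self.mechanisms}[type(element)]
        bucket[element.name] = element
        return self

    def check_integrity(self):
        """Return a list of violations; an empty list means the model is consistent.

        Assumed rules: every reference points at an existing element, every
        threat is mitigated by at least one security constraint, and every
        security constraint is satisfied by at least one security mechanism.
        """
        problems = []
        for g in self.goals.values():
            if g.owner not in self.actors:
                problems.append(f"goal '{g.name}' is owned by unknown actor '{g.owner}'")
        for p in self.plans.values():
            if p.achieves not in self.goals:
                problems.append(f"plan '{p.name}' achieves unknown goal '{p.achieves}'")
        mitigated = {th for c in self.constraints.values() for th in c.mitigates}
        for t in self.threats.values():
            if t.attacks not in self.goals:
                problems.append(f"threat '{t.name}' attacks unknown goal '{t.attacks}'")
            if t.name not in mitigated:
                problems.append(f"threat '{t.name}' is not mitigated by any security constraint")
        satisfied = {m.satisfies for m in self.mechanisms.values()}
        for c in self.constraints.values():
            if c.restricts not in self.goals:
                problems.append(f"security constraint '{c.name}' restricts unknown goal '{c.restricts}'")
            for th in c.mitigates:
                if th not in self.threats:
                    problems.append(f"security constraint '{c.name}' mitigates unknown threat '{th}'")
            if c.name not in satisfied:
                problems.append(f"security constraint '{c.name}' has no security mechanism satisfying it")
        for m in self.mechanisms.values():
            if m.satisfies not in self.constraints:
                problems.append(f"security mechanism '{m.name}' satisfies unknown constraint '{m.satisfies}'")
        return problems


def build_sample_model(include_mechanism=True):
    """Constructed sample scenario (a clinic storing patient records), not from the page.

    With include_mechanism=False the constraint is left unimplemented, so the
    integrity check reports it; this is the kind of gap a modelling tool flags
    before the design moves on.
    """
    m = SecureTroposModel()
    m.add(Actor("Clinic")).add(Actor("Patient"))
    m.add(Goal("Store patient record", owner="Clinic"))
    m.add(Plan("Write record to database", achieves="Store patient record"))
    m.add(Threat("Unauthorised disclosure", attacks="Store patient record"))
    m.add(SecurityConstraint("Keep patient record confidential",
                             restricts="Store patient record",
                             mitigates=("Unauthorised disclosure",)))
    if include_mechanism:
        m.add(SecurityMechanism("Encrypt records at rest",
                                satisfies="Keep patient record confidential"))
    return m


if __name__ == "__main__":
    for label, model in (("complete", build_sample_model()),
                         ("missing mechanism", build_sample_model(False))):
        print(label, "->", model.check_integrity() or "no violations")
```

The point of the check is the same one the methodology makes: a threat that no security constraint addresses, or a constraint that no mechanism implements, is a requirements gap, and catching it at modelling time is cheaper than retrofitting a control into a finished design.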